Monday, September 12, 2011

Understanding SSL certificate


  • Commonly used public key algorithms include RSA(for web)El Gamal(for gpg) and Diffie-Hellman (for ssh).
  • Generate a 1024 bit RSA private key
    Execute command: “openssl genrsa -out private_key.pem 1024”
    e.g.


    $ openssl genrsa -out private_key.pem 1024
    Generating RSA private key, 1024 bit long modulus
    .............................++++++
    ................................................................++++++
    e is 65537 (0x10001)

    Generating a public key from a private key

    Execute command: "openssl rsa -pubout -in private_key.pem -out public_key.pem"
    e.g.



    $ openssl rsa -pubout -in private_key.pem -out public_key.pem
    writing RSA key
    A new file is created, public_key.pem, with the public key.


    Viewing the key elements

    Execute command: "openssl rsa -text -in private_key.pem"


    For security purposes, the integers p and q should be chosen uniformly at random and should be of similar bit-length

    Compute n = pq.


    • n is used as the modulus for both the public and private keys

    All parts of private_key.pem are printed to the screen. This includes the modulus (also referred to as public key and n)public exponent (also referred to as e and exponent; default value is 0x010001 - 65537), private exponent, and primes used to create keys (prime1, also called p, and prime2, also called q), as well as a few other variables used to perform RSA operations faster and the Base64 PEM encoded version of the key.

    The "public key" actually represents a pair of parameters (numbers): a Modulus and a public exponent E. The public exponent is usually chosen to be relatively small (often 3 bytes). The size of the Modulus in bits is referred to as the "key size". A Modulus of size 128 bytes represents a "1024 bit RSA key". 
    The "private key" is usually described as a number pair consisting of the same key Modulus and aprivate exponent DD is usually chosen to be about the same size as the modulus (~128 bytes).Random selection of Modulus, E and D starts by random selection of two large prime numbers.
  • openssl genrsa command generates a pair of private key and public key actually, not only private key.
  • how to verify a ssl certificate, nowadays, CA use SHA1withRSAencryption to sign the public key as certificate.
To validate the certificate, one needs the certificate that matches
the Issuer (Thawte Server CA) of the first certificate. First one
verifies that the second certificate is of a CA kind; that is, that it
can be used to issue other certificates. This is done by inspecting a
value of the CA attribute in the X509v3 extension
section. Then the RSA public key from the CA certificate is used to
decode the signature on the first certificate to obtain a MD5 hash,
which must match an actual MD5 hash computed over the rest of the
certificate
  • how to verify CA root certificate itself
This is an example of a self-signed certificate, as the issuer and subject are the same. There's no way to verify this certificate except by checking it against itself; instead, these top-level certificates are manually stored by web browsers. Thawte is one of the root certificate authorities recognized by both Microsoft and Netscape. This certificate comes with the web browser and is trusted by default. As a long-lived, globally trusted certificate that can sign anything (as there are no constraints in the X509v3 Basic Constraints section), its matching private key has to be closely guarded.

  • how to show SSL connection information from the browser
  1. Internet Explorer
Version 6.0 - from file menu, choose properties, you will see something like this:
SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange
or right click on page blank area, choose properties.

Version 7.0 - firstly, show file menu by choosing tools/menu bar, then use the same method as above.

2. Firefox
right click on the blank area of SSL website homepage, choose 'view page info'. You will see something like this:
Connection encrypted: high-grade encryption, AES-256 256bit

  • Useful OpenSSL commands
1. generate a pair of RSA private and public key (will be triple-DES encrypted and PEM format which has begin certificate and end certificate)
$ openssl genrsa -des3 -out server.key 1024
or
$ openssl genrsa -out server.key 1024

note: the most browser only supports RSA 1024bit key. Not either DSA or 2048bit key.

2. View RSA private key details
$ openssl rsa -noout -text -in server.key

3. Create a decrypted PEM version of rsa private/public key pair
$ openssl rsa -des3 -in server.key -out server.key.new
$ mv server.key.new server.key
or
$ openssl rsa -in server.key -out server.key.unsecure

4. create CSR file from private/public key pair file, will be in PEM format
$ openssl req -new -key server.key -out server.csr

5. view CSR file details
$ openssl req -noout -text -in server.csr

6. view CRT file detail
$ openssl x509 -noout -text -in server.crt

  • Creating a certificate authority and certificates with openssl
(refer to http://www.octaldream.com/~scottm/talks/ssl/opensslca.html)

The short answer is to use the CA.sh or CA.pl script provided by OpenSSL (/usr/share/ssl/misc/CA)

The private key contains a series of numbers. Two of those numbers form the "public key", the others are part of your "private key". The "public key" bits are also embedded in your Certificate (we get them from your CSR). To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers. To view the Certificate and the key run the commands:
$ openssl x509 -noout -text -in server.crt
$ openssl rsa -noout -text -in server.key
The `modulus' and the `public exponent' portions in the key and the Certificate must match. But since the public exponent is usually 65537 and it's bothering comparing long modulus you can use the following approach:
$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5
And then compare these really shorter numbers. With overwhelming probability they will differ if the keys are different. BTW, if I want to check to which key or certificate a particular CSR belongs you can compute
$ openssl req -noout -modulus -in server.csr | openssl md5
  • convert PEM to DER format
The default certificate format for SSLeay/OpenSSL is PEM, which actually is Base64 encoded DER with header and footer lines. For some applications (e.g. Microsoft Internet Explorer) you need the certificate in plain DER format. You can convert a PEM file cert.pem into the corresponding DER file cert.der with the following command: 
$ openssl x509 -in cert.pem -out cert.der -outform DER


  • how to generate .pem/.csr/.crt/ etc certificate files.
cd /usr/share/ssl/certs
make server.pem
make server.crt
etc
  • How to apply new SSL certificate in Apache without restarting service
ps -efH to find out the pidnum of parent httpd
then run kill -USR1 pidnum to make sure it generates new log file
Please refer to http://httpd.apache.org/docs/1.3/stopping.html

  • How to test to make sure the server has been restarted with new certificate?
use openssl s_client command to check if it get retrieve the new certificate:

openssl s_client help to get the the help manual
openssl s_client -connect 10.0.201.104:443 -tls1  to retrieve the certificate content.

or use curl directly
curl -v https://10.0.0.1 will display the certificate, even decrypted for PEM certificate, you can see the start date and end date directly on the screen.
  • Useful URLs
  1. http://www.modssl.org/docs/2.8/ssl_faq.html#ToC27
  2. http://www.herongyang.com/crypto/openssl_rsa.html